not able to ping soft-ether client from soft-ether server

[Mehul2802]

Hi,

I have done setup of soft-ether in widows 8. I have enable secure NAT, DHCP and Local bridging,
I have installed softether client on another windows machine, It is getting connected to soft-ether server.

I am not able to ping softether client (192.168.30.10) from server side.


Thanks

[moatazelmasry]

I'm not really sure, but this might be because they are in different subnets now.
When you created a vpn connection to the SE server, your client received the IP 192.168.30.10

Assume your server has the IP 192.168.0.5
When you ping from your server, you can not reach 192.168.30.0/24 subnet. You might need to bridge the two subnets or so to solve this

[Mehul2802]

There is an option of local bridging on softether- server. I have enabled it.

softether server IP: 192.168.6.169

local client IP: 192.168.6.171

softether client IP: 192.168.30.10 (assigned by DHCP)

Is there any other bridge connection that i need on server side?

[moatazelmasry]

I'm not an expert, so please execuse any mistakes.

Creating a local bridge is like connecting a wire between the LAN Card and the virtual Hub.

Which now means that all VPN clients 192.168.30.10/24 are allowed to reach 192.168.6.1/24 subnet. This local bridge only exists inside SoftEther.

You in contrast are trying to reach 192.168.30.10/24 from 192.168.6.1/24. When you issue a ping command, the OS doesn't know what to do with that command, since he doesn't know about your 30.10/24 subnet. To understand more, look at the output of commands like
route -n
ip addr show
ip route

And you will see no mention of 192.168.30.10/24. This subnet lives only inside SoftEther.

To summarize:
192.168.30.10/24 (Client) to 192.168.6.1/24 (Server) OK
192.168.6.1/24 (Server) to 192.168.30.10/24 (Client) NOT OK

So how can you ping a VPN client from the server? My guess is, you can not, at least not in the way you want. The server itself has to connect to SoftEther as a client, but then again, you can/should not have the VPN client and server on the same machine

[kvv213]

When you solve your routing mess keep in mind that by default Windows PC don't receive Pings from other tnetworks except they belongs to. This is their firewall work.

[Mehul2802]

@kvv213

Can you explain with an example ?

Like, server ip: 192.168.6.178

client ip: 192.168.30.10 (Assigned by DHCP when enabling secure NAT)

So, ping from server to client won't work because of firewall ? Is that so ?

[thisjun]

Please do not use localbridge and SecureNAT at same time.
If you want to connect from server, you should disable SecureNAT.

[Mehul2802]

@thisjun

Can you give me proper guidance on configuration ?

Soft-ether server IP: 192.168.6.130
(Enabling secure NAT with 10.1.30.1 as server IP) and range is 10.1.30.10-10.1.30.60
------------------------------------------------------------

Client IP: 192.168.6.140

-Creating new adapter vpn_se and connecting to soft-ether server.
-It gives IP address: 10.1.30.11

Is this the correct way ?

[thisjun]

I recommend to use localbridge.

The server segment and the client segment are same. Is it correct?

[Mehul2802]

Hi,

@thisjun
I have already done connection using local bridge. It works now...

Thanks,
Mehul